Linux Blog

How about a few geeky songs to liven up the dull workday? These are all pretty old as far as the internet goes, but they’re all goodies that can be fun to listen to every once in a while and I promise there will be none of Stallman’s doings after the jump.

As a somewhat seasoned PHP developer, I'm always looking for ways to improve code and keep up with the latest happenings. When I saw the book "Securing PHP Web Applications", published by Addison-Wesley, I thought I'd give it a look. PHP is known for its wide deployment and rapid development. Unfortunately, with such a large user base, it is not uncommon to see mistakes in development, and often developers are unaware that what they are doing is insecure. This book addresses important security concerns every developer should be aware of.

The first ten chapters are on programming practices, which may not interest you if you're a system administrator. If you are a developer, you should know and understand each of these issues, be able to fix them and, of course (the fun part), exploit them for demonstration.

Chapters 11, 12 and 13 are essential reading for any system administrator who will be supporting a LAMP or WAMP stack.
The IIS chapter may not apply to those reading this blog since we all know that securing IIS is not necessary when you’re running Linux. The chapters on securing PHP, MySQL, and Apache outline the basic concepts and give some important pointers that may not be obvious to everyone.

Chapter 14 (Introduction to Automated Testing) and Chapter 15 (Introduction to Exploit Testing) have really opened my eyes to methods I have not used before. We've all heard of Selenium and PHPUnit, but what about CAL9000 and PowerFuzzer? I'll be off to try them soon. I can always appreciate applications designed to help secure applications. Nessus, Nikto and Metasploit are not mentioned in this book, but now that you've read this review, you'll know to look into those as well.

Chapter 16 is on designing secure applications and Chapter 17 is on patching, which would have been useful for me in explaining to someone why they shouldn't be editing their production site directly (and, to make things worse, with no version control).

There are so many products out there that are vulnerable to the attacks this book describes. We see them every day on the security lists. I think that any company and any developer of PHP-based web applications should have a keen grasp of the concepts outlined within the pages of this book.

I do not think, however, that "Securing PHP Web Applications" is a book that is necessarily intended for every developer out there. I think it's a great book for anyone with an active interest in security who has been developing for a while but would like some pointers on how to secure their web apps, or a reference for developers in need.

There comes a time in every shell script where a decision has to be made.

To make a decision in bash the following if then else syntax can be used:

    if [ condition ]; then
        statements
    elif [ condition ]; then
        statements
    else
        statements
    fi

The elif and else parts are optional, and elif may appear more than once. The brackets around the condition are not optional: [ is the test command (the same as test), so it must have a space on each side and be closed by a matching ]. Strictly, the condition can be any command; if runs it and takes an exit status of zero as true. Statements are generally other commands or further flow control statements.

To give an example of how to use bash if then else statements in the real world, take the following scenario:

A system administrator has a strict habit of firing people who have too many .png files. He checks the systems regularly and makes sure that nobody has too many. The following script will display a message depending on the number of .png files that are in the directory.
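The counting script itself is not on this page, so here is an added example of my own (not the original post's script) that fits the scenario. It assumes the directory is passed as the first argument, a limit of 5 files as the optional second argument, and a three-way verdict with a distinct exit status for each branch; the CLEAN/OK/DANGER wording is mine.

```shell
#!/bin/sh
# Added example, not the original post's script. Counts the .png files directly
# inside a directory and reports with if/elif/else. The directory argument, the
# limit of 5 and the CLEAN/OK/DANGER wording are assumptions for illustration.

# Print the number of regular files named *.png directly inside "$1".
# A glob loop is used instead of `ls *.png | wc -l`: ls prints one line per
# name, so a filename containing a newline would be counted twice.
count_png() {
    local dir="$1" n=0 f
    for f in "$dir"/*.png; do
        # If nothing matches, the pattern itself is returned unexpanded;
        # the -f test rejects that, and also skips directories named *.png.
        [ -f "$f" ] && n=$((n + 1))
    done
    echo "$n"
}

# Report on "$1", with an optional limit as "$2" (default 5).
# Exit status: 0 for no files, 1 for some files within the limit, 2 over it.
report_png() {
    local dir="$1" limit="${2:-5}" count
    count=$(count_png "$dir")
    # Always quote the variables: with an empty $count, [ -gt 5 ] is a
    # syntax error rather than a false result.
    if [ "$count" -gt "$limit" ]; then
        echo "DANGER: $count .png files in $dir, over the limit of $limit"
        return 2
    elif [ "$count" -gt 0 ]; then
        echo "OK: $count .png files in $dir, within the limit of $limit"
        return 1
    else
        echo "CLEAN: no .png files in $dir"
        return 0
    fi
}

# Demonstration on a constructed temporary directory so it runs anywhere.
demo() {
    local tmp status=0
    tmp=$(mktemp -d)
    touch "$tmp/a.png" "$tmp/b.png" "$tmp/c d.png" "$tmp/notes.txt"
    mkdir "$tmp/folder.png"            # a directory, so not counted
    report_png "$tmp" 5 || status=$?   # prints the OK line for 3 files
    echo "report_png exit status: $status"
    rm -rf "$tmp"
}

demo
```

Run it as `sh script.sh`; to check a real directory, call `report_png /home/someone 5` instead of `demo`. The distinct return values mean the script can be chained with `&&` and `||` or used from cron without having to parse its output.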

Cases are similar to if statements in that they compare an expression against a list of patterns and run the statements for the first pattern that matches.

bash case syntax:

    case expression in
        pattern1) statements ;;
        pattern2) statements ;;
    esac

The patterns are shell glob patterns, not numbers or regular expressions, so * on its own can be used as the last pattern to catch anything the earlier ones missed, and several patterns can share one branch by separating them with |. Each branch ends with ;;. This is fairly simple and some people find it easier than if statements for simple logic. Take the following real world example:

The system administrator has recently gone on a bigger power trip than before. Since people got wise about using .png files and started saving images in other formats, he is now monitoring .png, .gif and .jpg files. To combat the problem, you can use a case to count how many files you have of each type. (This is intended as an example; there are many ways to accomplish this task, and this is just to demonstrate how cases work.)
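As with the first scenario, the script is not on this page, so the following is an added example of my own (not the original post's script). It assumes the directory is passed as the first argument, a fixed limit of 5 image files, and the same CLEAN/OK/DANGER wording and exit statuses as before, all of which are my choices for illustration. It also shows the one thing case is bad at: numeric ranges.

```shell
#!/bin/sh
# Added example, not the original post's script. Tallies .png, .gif and .jpg
# files in a directory with a case statement. The directory argument, the
# limit and the CLEAN/OK/DANGER wording are assumptions for illustration.

# Print "png gif jpg other" counts for the regular files directly inside "$1".
count_images() {
    local dir="$1" png=0 gif=0 jpg=0 other=0 f
    for f in "$dir"/*; do
        [ -f "$f" ] || continue             # skip directories and an unmatched glob
        # case matches glob patterns against the basename only, so a directory
        # component such as "photos.png/" cannot confuse the classification.
        case "${f##*/}" in
            *.png | *.PNG)                   png=$((png + 1)) ;;
            *.gif | *.GIF)                   gif=$((gif + 1)) ;;
            *.jpg | *.jpeg | *.JPG | *.JPEG) jpg=$((jpg + 1)) ;;
            *)                               other=$((other + 1)) ;;   # default
        esac
    done
    echo "$png $gif $jpg $other"
}

# Report on "$1" and return 0 (no images), 1 (some, within limit) or 2 (over).
# The limit is hard-coded at 5 because case matches strings, not numbers:
# [1-5] is a one-character class, so 6 and above, including 10, fall to *.
# For a configurable limit, an if with [ -gt ] is the right tool.
report_images() {
    local dir="$1" png gif jpg other total
    set -- $(count_images "$dir")           # split the four numbers into $1..$4
    png=$1 gif=$2 jpg=$3 other=$4
    total=$((png + gif + jpg))
    echo "$dir: $png png, $gif gif, $jpg jpg, $other other"
    case $total in
        0)     echo "CLEAN: no image files"; return 0 ;;
        [1-5]) echo "OK: $total image files, within the limit"; return 1 ;;
        *)     echo "DANGER: $total image files, over the limit"; return 2 ;;
    esac
}

# Demonstration on a constructed temporary directory so it runs anywhere.
demo() {
    local tmp status=0
    tmp=$(mktemp -d)
    touch "$tmp/a.png" "$tmp/b.gif" "$tmp/c.jpg" "$tmp/d.JPEG" "$tmp/readme.txt"
    mkdir "$tmp/photos.png"                 # a directory, so not counted
    report_images "$tmp" || status=$?       # prints the OK line for 4 files
    echo "report_images exit status: $status"
    rm -rf "$tmp"
}

demo
```

Note the quoting: `local dir="$1"` is quoted because in some shells (dash, for one) local is an ordinary builtin whose arguments are word-split, so an unquoted directory name containing a space would be cut in two.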

There you have it, two ways to make basic decisions in bash. Just figure out what you want to do, then use an if then else or a case statement to do the logic. I myself prefer if statements over cases as they make more sense to me and I find it easier to perform logic within ifs.